﻿/********************************************************************************
** 作者： Mick
** 邮箱： zheng_jinfan@126.com
** 主页： http://www.zhengjinfan.cn
** 创始时间：2016-2-17
** 描述：
**      [辅助类]浏览器辅助类
*********************************************************************************/

using System;
using System.Linq;
using System.Text.RegularExpressions;
using System.Web;
using BestEasyCMS.Framework.Extension;

namespace BestEasyCMS.Framework.Util
{
    /// <summary>
    /// 浏览器辅助类
    /// </summary>
    public sealed class SafetyUtil
    {
        #region 根据单一模式构建类的对象
        private SafetyUtil() { }  //私有构造函数

        private static SafetyUtil _object; //静态变量
        private readonly static Object _obj = new object();
        /// <summary>
        /// 提供类的实例属性
        /// </summary>
        public static SafetyUtil Instance
        {
            get
            {
                lock (_obj)
                {
                    return _object ?? (_object = new SafetyUtil());
                }
            }
        }

        #endregion

        #region 常量
        private const string StrRegex = @"\b(alert|confirm|prompt)\b|^\+/v(8|9)|<[^>]*?=[^>]*?&#[^>]*?>|\b(and|or)\b.{1,6}?(=|>|<|\bin\b|\blike\b)|/\*.+?\*/|<\s*script\b|%3c\s*script\b|<\s*img\b|\bEXEC\b|UNION.+?SELECT|UPDATE.+?SET|INSERT\s+INTO.+?VALUES|(SELECT|DELETE).+?FROM|(CREATE|ALTER|DROP|TRUNCATE)\s+(TABLE|DATABASE)";
        #endregion

        #region 方法


        /// <summary>
        /// 过滤Url中的危险字符
        /// </summary>
        /// <returns></returns>
        public string FilterUrl()
        {
            var strRegex = AppSettingUtil.AppSettings["StrRegex"].ToStr();
            if (strRegex.IsEmpty())
                strRegex = StrRegex;
            var currentUrl = HttpContext.Current.Server.UrlDecode(HttpContext.Current.Request.Url.ToStr());
            var rg = new Regex(strRegex, RegexOptions.Compiled | RegexOptions.IgnoreCase);
            if (currentUrl != null && !rg.IsMatch(currentUrl)) return currentUrl;
            if (currentUrl == null) return "";
            var mcs = rg.Matches(currentUrl);
            return mcs.Cast<Match>().Aggregate(currentUrl, (current, m) => current.Replace(m.Value, ""));
        }

        /// <summary>
        /// 验证Post数据
        /// </summary>
        /// <returns></returns>
        public bool PostData()
        {
            var result = false;

            for (var i = 0; i < HttpContext.Current.Request.Form.Count; i++)
            {
                result = CheckData(HttpContext.Current.Request.Form[i].ToStr());
                if (result)
                {
                    break;
                }
            }
            return result;
        }



        /// <summary>
        /// 验证Get数据
        /// </summary>
        /// <returns></returns>
        public bool GetData()
        {
            var result = false;

            for (var i = 0; i < HttpContext.Current.Request.QueryString.Count; i++)
            {
                result = CheckData(HttpContext.Current.Request.QueryString[i].ToStr());
                if (result)
                {
                    break;
                }
            }
            return result;
        }

        /// <summary>
        /// Cookie数据
        /// </summary>
        /// <returns></returns>
        public bool CookieData()
        {
            var result = false;
            for (var i = 0; i < HttpContext.Current.Request.Cookies.Count; i++)
            {
                var httpCookie = HttpContext.Current.Request.Cookies[i];
                if (httpCookie != null)
                    result = CheckData(httpCookie.Value.ToLower());
                if (result)
                {
                    break;
                }
            }
            return result;

        }
        /// <summary>
        /// 验证Referrer数据
        /// </summary>
        /// <returns></returns>
        public bool Referer()
        {
            return HttpContext.Current.Request.UrlReferrer != null && (CheckData(HttpContext.Current.Request.UrlReferrer.ToStr()));
        }


        /// <summary>
        /// 验证输入的数据安全性
        /// </summary>
        /// <param name="inputData"></param>
        /// <returns></returns>
        public bool CheckData(string inputData)
        {
            var strRegex = AppSettingUtil.AppSettings["StrRegex"].ToStr();
            if (strRegex.IsEmpty())
                strRegex = StrRegex;
            return Regex.IsMatch(inputData, StrRegex);
        }

        #endregion
    }
}
